Information Security Architect

at Concero
Published June 2, 2022
Location St. Louis, MO
Category Default  
Job Type Full-time  


Job Description

Position Overview

Responsible for building a collaborative working relationship with IT Services, Enterprise Application Services, Business Unit application development and information security teams, and others to develop, promote, and implement sound application security strategies. Performs duties as the primary resource for business units and functions not having internal application security resources. Is a consultative resource for business units and functions having internal application security resources.

  • Determines Infrastructure, Application, and Cloud security requirements by evaluating business strategies and requirements against established security standards, OWASP, risk assessment methodology, and client requirements.
  • Researches information security standards; conducts application security and vulnerability analyses and risk assessments; researches threats and attack vectors that impact applications, colocation data centers, and public cloud environments.
  • Plans, coordinates, and leads the design, integration, development, validation and implementation of specific security policies, systems and services. Documents threat models to ensure appropriate mitigation is in place.
  • Leads security design as well as application architectural reviews.
  • Maintains documentation related to application security, including the development of secure coding policies, procedures and standards, and ensures the Software Development Life Cycle (SDLC) used in entities includes necessary security checkpoints, code review methodologies, etc.
  • Ensures the application security program aligns with industry frameworks such as the NIST Cyber Security Framework, ISO27001, FFIEC Cyber Security Framework, PCI, and others as applicable.
  • Mentors IT Services Cyber Security team and other IT staff members to enhance their knowledge of information security concepts, practices, tools, strategies, etc., and to improve the overall effectiveness of the information security program at.
  • Maintain regular and predictable attendance.
  • Perform other duties as assigned.

Required: Bachelor’s degree or equivalent related work experience

Preferred: MBA or related graduate degree

  • 10+ years related experience
  • Strong Security competency across multiple environments including SaaS, Colocation, and Public Cloud.
  • Ability to map and document complex processes and systems.
  • Competent knowledge of analysis tools including VISIO, Excel, MS Project and Access.
  • Advanced oral and written communication skills, demonstrating the ability to convey technical terminology that is meaningful and well received by all stakeholders, including customers and associates.
  • Deep understanding of industry best practice for security concepts around NIST frameworks.
  • Advanced persuasion skills when working with internal/external customers to resolve issues/problems
  • Advanced analytical and problem-solving skills
  • Advanced experience with SSDLC frameworks, OWASP.
  • Outstanding communication, analytical skills and ability to function in a globally diverse work environment.
  • Advanced ability to work well within and manage a team
  • Ability to foster a teamwork and customer service focused environment
  • Advanced ability to employ methodologies for analyzing and improving business processes
  • 5+ years’ experience in systems and network monitoring technologies and tools
  • 6 or more years’ experience in designing solutions or applications with programming technologies and tools
  • Experience working with SIEM, firewall, vulnerability management and pen testing tools (Burp, Kenna, Sonar, etc.) is a plus.
  • 4+ years of experience with public and hybrid cloud environments.
  • Insurance industry knowledge

Technical Requirements

  • SAML, OAuth
  • SDLC
  • CISSP